SiteAuth is a software package that complements and seamlessly overlays on existing login and authentication systems. It utilizes psychologically-sound visual cues that will make it obvious whether a user has landed on a legitimate web page or has been directed to a clone that will steal data and possibly money – all without requiring users to register, answer challenge questions, or undergo any extra steps during the login process.

SiteAuth protects organizations, their employees, and their customers from phishing, pharming, and Internet fraud. It can help stop the digital leakage of corporate trade secrets or personal sensitive information, and can help prevent financial losses that may incur as a result of such leaks. SiteAuth was designed by a team consisting of an information-security expert and a psychologist, and leverages various aspects of both disciplines to protect even untrained users who do not make any conscious effort to stay secure.

SiteAuth is a software solution that can be delivered in an API format, and can integrate into and can run on numerous platforms. It scales to accommodate environments of all sizes, and can be used in conjunction with multi-factor authentication and fraud-detection systems. It can also be embedded into third-party software packages and cloud applications.

How It Works

Criminals rely on their ability to replicate the “look and feel” of a legitimate business’s online presence in order to trick users into divulging sensitive information. Green Armor products make it exceedingly difficult for criminals to do so.

The simultaneous elimination of unlimited-cellular-data plans coupled with the proliferation of Wi-Fi enabled devices has caused the number of people utilizing public WiFi networks for shopping and banking to skyrocket. When people conduct such activities over such networks, however, they are at risk of accessing clone/evil-twin sites -- even when they type the full URL of the site they are accessing, and even when using supposedly secure, encrypted communications to banks or online stores. Criminals can set up phony access points with names identical to legitimate ones, and use any one of several hacking techniques to steal data and money from users.

Green Armor's SiteAuth defends against such risks and allows users using tablets, laptops, or smartphones over public WiFi networks to securely bank or shop.

Security is achieved through the use of easily recognizable visual cues that appear during the user login process. These cues were designed based on advanced psychology, and, even after a user’s first access to a web site, become an integral part of the user’s visual experience on that site; if the cues are not present on a subsequent login, even users who are not consciously looking for them will notice that something looks “very wrong” with the site that they are accessing and will not enter their credentials or sensitive information.

Visual cues vary between users, but are identical on each login for any particular user. Cues may be customized by an organization deploying Green Armor products, but typically consist of colored boxes with basic text elements (such as letters, short words, or short numbers) or famous phrases/quotes within them.

Cues are generated by applying a one-way mathematical cryptographic function to portions of text that the user types and a series of keys established by (and known only to) the organization – criminals cannot spoof or generate the correct cues for any particular user. Users who access a phishing site will not see their cues and will quickly realize that “something is wrong.”

Improved Authentication

SiteAuth works with numerous forms of user authentication – so whether your users use usernames and passwords, one-time passwords, hardware tokens, biometrics, or other techniques to authenticate themselves to your system – you can leverage SiteAuth products to ensure that their authentication information is in fact being sent to you and not to a criminal. SiteAuth overlays existing authentiction systems in a simple and clean fashion, keeping installation and support costs down.

Furthermore, SiteAuth products can help your organization meet FFIEC, NCUA, or HIPAA regulations by providing two-way (mutual) authentication – but without forcing you to inconvenience your users in order to achieve that improved level of protection.

Business Benefits

The elegance and simplicity of SiteAuth can provide significant benefits to many organizations transacting business online or allowing their employees remote access to sensitive resources. Among these benefits are:

Encouraging users to bank or shop from anywhere -- including from from Public WiFi networks -- thereby increasing both revenues and profits.

A significant reduction in the losses (financial and otherwise) incurred as a result of fraud.

The protection of sensitive data that is transmitted or accessible online.

The ability to continue business operations without the need to impose new operationally disruptive processes, capital-intensive systems, or administrative restrictions intended to reduce exposure to phishing.

Greater customer comfort with conducting business online due to improved security delivered without having to impose any new requirements on them.

An enhanced shielding against litigation that may arise from fraud incident -- including those resulting in identity theft achieved through clone sites accessed from public Wifi locations..

It works! - SiteAuth was designed by a psychologist to be maximally effective with minimal intrusion on users, and has proven effective in the field. How many other anti-phishing technologies have proven to work only in theory, but due to shortcomings in user experience, fail to actually protect people?

Proactive protection – Identity Cues helps stop users from falling prey to phishing and other close-sites before they surrender sensitive information to mischievous parties, not by trying to “clean up” afterwards.

Convenience for users:

No user enrollment is required – significantly improving convenience for users and dramatically reducing the “real cost” of implementing and maintaining the anti-phishing solution.

No extra steps are added to the user’s login process – users enjoy the same experience that they always have. Furthermore, if an organization plans to implement a new authentication system it can minimize user disruption by implementing Identity Cues for anti-phishing purposes – as SiteAuth will not add any extra steps beyond those of the primary authentication.

No software download – the user does not need to download or install any software.

The user does not need to carry any physical devices (e.g., tokens)

Access is available from essentially any web-connected device.

The user experience remains the same for any particular user even across diverse locations and devices – simplifying the user experience and reducing the chance that criminals can exploit user confusion to successfully execute a phishing attack.

SiteAuth requires little ongoing maintenance – cues are generated in real time, there is no database to maintain.

Lower Cost of Implementation and Ongoing Total Cost of Ownership (TCO) – because of the aforementioned unique attributes, SiteAuth sports a much lower expected cost of implementation and ongoing TCO numbers that do other anti-phishing technologies.

SiteAuth does not disclose sensitive information to criminals – some anti-phishing systems allow any parties on the Internet (including criminals) to determine what usernames are valid for the online systems that they “protect.” If your organization would not post a list of all of your online system’s valid usernames on the Internet, such a vulnerability should be of significant concern.

Professional Services

Green Armor™ also provides professional services and consulting associated with our information-security products. We help all of our customers install and integrate our offerings into their environments, so as to ensure quick and successful implementations. Of course, Green Armor also offers ongoing support for all of our product deployments.

Green Armor authentication software helps enterprises secure access to online systems from computers and mobile devices by using a unique, patent-pending blend of psychology and technology to deliver "maximum security with maximum convenience," curtailing cybercrimes and ensuring compliance with regulatory requirements (FFIEC, HIPAA, GLB, etc.), while allowing users to continue to enjoy the same simple user experience with which they are already comfortable.